I've been playing with other distros, for full disk encryption among other things. The one hole in the arrangement is that /boot cannot be encrypted so you can't be sure of it (I think we were talking about this in one of the threads here). There was some idea of checking the contents of /boot after booting to make sure it wasn't meddled with. Well, someone has done that:
https://wiki.archlinux.org/index.php/Sy ... _partition
I haven't tried it yet with Fedora (the distro I'm playing with at the moment), but I am about to. Thought others might be interested. This might be adapted to Puppy, checking the stuff in /initrd/mnt/dev_save instead...
Securing your /boot partition
Hello, PaulBx1.
Security of Puppies have been discussed multiple times. Try a search on any serious meta-engine with "puppylinux security", you'll find lots of reference material, including some on this forum, and also some of BK's explanations.
To my knowledge, the most secure Puppy arrangement is: boot from and save to DVD. The second most secure Puppy arrangement is boot from CD, save to encrypted pup_save file.
I don't think that you need to go beyond that on a Puppy, and encrypt the /boot directory per se. Now of course, some malicious elf could try and do it for sport, but that's paranoia...
My 2 cents. BFN.
Security of Puppies have been discussed multiple times. Try a search on any serious meta-engine with "puppylinux security", you'll find lots of reference material, including some on this forum, and also some of BK's explanations.
To my knowledge, the most secure Puppy arrangement is: boot from and save to DVD. The second most secure Puppy arrangement is boot from CD, save to encrypted pup_save file.
I don't think that you need to go beyond that on a Puppy, and encrypt the /boot directory per se. Now of course, some malicious elf could try and do it for sport, but that's paranoia...
My 2 cents. BFN.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
You could also run Puppy from a multisession CD or DVD and save your non-OS-related files on an encrypted flash drive. By running from a multisession CD or DVD, you provide the opportunity to check if the OS files have been compromised (by booting with the puppy pfix=ram boot option, then mounting the multisession DVD and looking at the files that have been changed in previous sessions. Since the original Puppy files are still on the DVD, it's easy to see not only if they've been changed but how they've been changed.)
Running Puppy from a multisession CD or DVD is inherently more secure than running Puppy from a hard disk drive, whose files can be erased or overwritten without leaving a trace.
Running Puppy from a multisession CD or DVD is inherently more secure than running Puppy from a hard disk drive, whose files can be erased or overwritten without leaving a trace.